Pid,
On 10/15/2010 12:19 PM, Pid wrote:
> On 15/10/2010 17:02, Juliano Daloia de Carvalho wrote:
>> I'll inject code using an agent.
>>
>> The thing is that I need to know for sure the message entering point on Tomcat,
>> and the leaving point also, so I can be able to sniff if the clients message has
>> the Cookie info with JSESSIONID= or not. And before sending to check if tomcat
>> sent set-cookie on header so I can make the change needed.
>
> Why? What does the code do that can't be done via a Servlet Filter?

You can't intercept the JSESSIONID in the following scenario:

1. User requests protected resource
2. Tomcat creates HttpSession, replies with Set-Cookie and FORM login page
3. User authenticates
4. User is forwarded/redirected to originally-requested resource from #1

Until step #4, no webapp-defined filter will run :(

This can be done with a Valve, but I'm not exactly sure how to insert a
Valve before the authentication valve, which is (I think) what you'd
have to do.

-chris
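
An added example, not part of the original message and not Tomcat project code: a sketch of a Valve that observes the session cookie across steps 1-4 of the scenario above, including the requests no webapp filter sees. It assumes Tomcat 7 or later (for `getHeaders`), the default cookie name `JSESSIONID`, and registration at Host level; the package and class names are hypothetical.

```java
package example; // hypothetical package name

import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.ServletException; // jakarta.servlet.* on Tomcat 10+
import javax.servlet.http.Cookie;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

/**
 * Assumed registration in server.xml, inside the <Host> element:
 *   <Valve className="example.SessionCookieAuditValve"/>
 * A Host-level valve runs before the Context pipeline, which holds the
 * authenticator. The class must be on Tomcat's own classpath, not in the webapp.
 */
public class SessionCookieAuditValve extends ValveBase {
    private static final Logger LOG =
            Logger.getLogger(SessionCookieAuditValve.class.getName());
    private static final String COOKIE_NAME = "JSESSIONID"; // default name assumed

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        boolean presented = hasSessionCookie(request.getCookies());
        try {
            getNext().invoke(request, response); // authenticator and webapp run here
        } finally {
            boolean issued = setsSessionCookie(response.getHeaders("Set-Cookie"));
            // Record presence only: a session ID written to a log is a usable credential.
            LOG.info(request.getMethod() + " " + request.getRequestURI()
                    + " cookiePresented=" + presented + " cookieIssued=" + issued);
        }
    }

    static boolean hasSessionCookie(Cookie[] cookies) {
        if (cookies == null) return false; // getCookies() returns null when none were sent
        for (Cookie c : cookies) {
            if (COOKIE_NAME.equals(c.getName())) return true;
        }
        return false;
    }

    static boolean setsSessionCookie(Iterable<String> setCookieHeaders) {
        for (String h : setCookieHeaders) {
            if (h.startsWith(COOKIE_NAME + "=")) return true;
        }
        return false;
    }
}
```

Session IDs carried by URL rewriting (`;jsessionid=`) are not covered by this cookie-only check.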